Re: at last: draft-levine-mass-batv-00

There is no cut and paste attack.

Due to trojaned PC's sitting behind MTA's that don't strip the
return-path signature, I'm afraid that is not a realistic
assessment.


Any host that has a message in hand with you can send you a bounce, or
more than one bounce, now or with BATV, and the bounce can contain
anything that host wants.  That's not a cut and paste attack, that's
the way bounces work.

We all realize that a hostile host with a message in hand can send you
a whole lot of bounces, and those bounces can contain unpleasant
stuff.  That's still not a cut and paste attack.

Since those hosts can send you the exact spam anyway, with or without
a BATV address, that's not a problem that BATV addresses, or could
address.  BATV deals with the specific problem of other people sending
you bounces for mail you didn't send.

My prototype does put a timestamp in the signature, ...

That will prevent replay of old signatures, but not of fresh ones.


Correct.  That's not a bug.  That's what it's designed to do.

In particular, BATV is NOT a way for recipients to verify the
authenticity of arbitrary senders.

SES didn't start out with that idea in mind either, but it has
become clear it is a good way to do this at lower overhead than
competing methods.


We'll have to disagree there, since the overhead required for sending
hosts to remember all the mail they've sent and to respond to
per-message inquiries is enormous, and trying to guess when a
signature has had "too many" bounces will cause both false positives
and false negatives.

If you're trying to use PK bounce address signatures to let recipients
verify arbitrary bounce addresses, I agree there are cut and paste
problems, and complexity of trying to deal with them are also great.
Since you have to read the message anyway to see if it matches the
signature, I see no meaningful advantage of bounce signatures over
something like domain keys.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet 
for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"I shook hands with Senators Dole and Inouye," said Tom, disarmingly.

<Prev in Thread]	Current Thread	[Next in Thread>
Re: at last: draft-levine-mass-batv-00, (continued) Re: at last: draft-levine-mass-batv-00, Michael Thomas Re: at last: draft-levine-mass-batv-00, John R Levine Re: at last: draft-levine-mass-batv-00, David Woodhouse Re: at last: draft-levine-mass-batv-00, Michael Thomas Re: at last: draft-levine-mass-batv-00, Michael Thomas Re: at last: draft-levine-mass-batv-00, David Woodhouse Re: at last: draft-levine-mass-batv-00, Dave Crocker Re: at last: draft-levine-mass-batv-00, Andrew Newton Re: at last: draft-levine-mass-batv-00, John Levine RE: at last: draft-levine-mass-batv-00, Seth Goodman Re: at last: draft-levine-mass-batv-00, John Levine <= RE: at last: draft-levine-mass-batv-00, Seth Goodman Re: at last: draft-levine-mass-batv-00, John Levine RE: at last: draft-levine-mass-batv-00, Seth Goodman RE: at last: draft-levine-mass-batv-00, Dave Crocker RE: at last: draft-levine-mass-batv-00, Seth Goodman RE: at last: draft-levine-mass-batv-00, David Woodhouse Re: at last: draft-levine-mass-batv-00, Jim Fenton Re: at last: draft-levine-mass-batv-00, David Woodhouse Re: at last: draft-levine-mass-batv-00, Jim Fenton Re: at last: draft-levine-mass-batv-00, John Levine

Previous by Date:	RE: at last: draft-levine-mass-batv-00, Seth Goodman
Next by Date:	Re: Rambings on RFC2822 signatures., Miles Libbey
Previous by Thread:	RE: at last: draft-levine-mass-batv-00, Seth Goodman
Next by Thread:	RE: at last: draft-levine-mass-batv-00, Seth Goodman
Indexes:	[Date] [Thread] [Top] [All Lists]